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SYSTEM AND METHOD FOR PROVIDING A SERVICE IN A CONTROLLED RUN- 
TIME ENVIRONMENT 

BACKGROUND 

[0001] An enterprise application is a qualitative term used to describe a software 
application designed to execute under relatively demanding performance criteria and to support a 
relatively large number of distributed users in a scalable manner. The development of enterprise 
applications may be relatively difficult due to their robust functionality and performance 
requirements. Enterprise applications are typically implemented utilizing an application server 
architecture. The various services of the application server architecture are deployed on the 
applications server by writing the software code (e.g., the object oriented class files) on a storage 
device associated with the application server and by modifying an appropriate deployment 
descriptor. In general, all of the modular software fimctionaUty of an application server is stored 
locally on the processing platform that executes the application server. 

[0002] hi addition to conventional application servers, distributed web servers may be 
developed to enable remote services to be assembled into an application. Various protocols have 
been developed for the purpose of implementing remote web services such as the Web Services 
Description Language (WSDL). WSDL defines interfaces and invocation methods of a web 
service. Further, WSDL describes publication of web services to Litranet or Intemet repositories 
or registries to enable identification and location of web services. The location and identification 
of web services may occur utilizing Universal Description, Discovery, and Litegration (UDDI). 
Commimication with web services may utiHze various protocols such as Remote Procedure Calls 
(RPC). For example, JAX-RPC is the JAVA'^'^ remote procedure call technology. JAX-RPC 
enables JAVA™ developers to build Web applications and Web services. The RFC mechanism 
enables a remote procedure call from a client to be cormnunicated to a remote server, hi a 
distributed client/server model, for example, a server defines a service as a collection of 
procedures that are callable by remote clients. A client calls the remote procedures on the server 
to access services defined by the server. In extensible mark-up language (XML)-based RFC, a 
remote procedure call is represented using an XML-based protocol such as the Simple Object 
Access Frotocol (SOAP) 1.1 specification which defines a convention for representation of 
remote procedure calls and responses. 
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[0003] Integrating distributed web services into an application presents numerous 
complications. Some of the more important complications are authentication and identity- 
management. As an example, "single sign-on" facilities have been contemplated. The difficulty 
of such single sign-on facilities is the propagation of the associated security context from 
distributed web service to distributed web service. The importance of this implementation issue 
is evident in the observation that a single web service that propagates a compromised security 
context may compromise numerous other web services. 

SUMMARY 

[0004] In one embodiment, a method for providing a service in a controlled run-time 
environment is disclosed. The method comprises registering a proxy service in the controlled 
run-time environment wherein the proxy service implements an interface defined according to 
the controlled run-time environment to enable services operating in the controlled run-time 
environment to interoperate with the service, receiving service information by the proxy service 
firom a local service executing in the controlled run-time environment via an interface method of 
the proxy service, communicating the service information to a remote service fi-om the proxy 
service, receiving processed information from the remote service in response to the 
communicating, and returning the processed information to the local service from the proxy 
service. 

[0005] In another embodiment, a system for providing a modular software service is 
disclosed. The system comprises controlled run-time environment means for managing 
processes, service registry means for registering services operating in the controlled run-time 
environment means, wherein at least one registered service is a proxy service means, the proxy 
service means implementing an interface defined according to the controlled run- time 
environment means for enabling services operating in the controlled run-time enviromnent 
means to interoperate with the proxy service means, the proxy service means comprising: means 
for receiving service information by the proxy service means from a local service executing in 
the controlled run-time environment means, means for communicating the service infomiation to 
a remote service from the proxy service means, means for receiving processed information from 
the remote service in response to the communicated service information; and means for returning 
the processed information to the local service. 
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10006] In ye, anofter emb«iime„,, a computer-readable medium .ha, comprises 
™e mstrucions for p™vidi„s a service l„ a co„.ro„ed ru„-.imc e„virom„e„, Is disclosed 
T*e executable ms.ruct.ons of «,e computer readable medium comprise: code for registering a 
„,ce in .be co„.r„„ed ru„-.lme envlromnen, wherein .be proxy service imp,emen.s an 
.n.«face defined according to the controlled ™n-,.me envronmen. .o enable services operaiing 
.n the con.n,l,ed run-time enviromnent to Interoperate with ,be service, code for .living 
.erv-ce mfonna.ion by .he proxy service from a local serWce execu.i„g in the con«„led ™n-.ime 
—en. v,a a mcbod of the proxy serv.ce, code for communicating the s^ce info^atio: 
.0 aremote serv,ce from the proxy se™ce, code for receiving pt^essed infonnaiion f^m .he 
remote serv.ce in response .o .be communicating, and code for renting .he processed 
■nformauon to the local service from Uie proxy service. 

BRIEF DESCRIPTION OF THE DRAWINGS 
10007, FIGURE I depicU an architectitre for .xecu.ion of an entetprise application. 
[0008] FIGURE 2 depicts an application server. 

100091 FIGURE 3 depicts an application server according to represenutive 

embodiments. 



[OOIOJ FIGURE 4 depicts a flowchart according to 



10011] FIGURE 5 depicts a computer system that may implement 
embodiments. 



representative embodiments. 

representative 



DETAILED DESCRIPTION 



[0012J B'fo- discussing representative embodimen,s.n greater deuiUt is appropriate 
to d.scu.s the operations of «,e archi.ecmre .ha, is .ypically utiUzed to implement ente^rise 
apphcations. FIGURE I depicts system 100 that may be utilised to implement en,en>rise 
appbcations. System 100 comprises client ,01 in the client tier. Client 101 may comprise 
browser ,04 to enable client 10. to access tire emetprise applications. Alternatively, stand-alone 
appbcation 1 05 may be .mplemen.ed .o access .he enterprise applications in a proplary 
manner ,f app,op„a.e for .he „a.ure of ti,e emen^rise applica.ions. The elien. tier is, in general 
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responsible for providing a user with the faciUties (e.g., graphical user interfaces) that are 
necessary to interact with the applications on the middle tier. Enterprise Information System 
(EIS) 103 in the EIS tier may be implemented to manage the data utilized by the enterprise 
applications. EIS 103 may store the enterprise data in database 106 utilizing relational database 
management functionality as an example. 

[0013] In the middle tier. Application Server (AS) 102 may interact with both client 
101 and EIS 103. For example, AS 102 may comprise container 107 (such as an Enterprise 
JAVA Bean™ (EJB)) to facilitate access to EIS 103. A container is a controlled run-time 
environment for an application component that also provides an interface to components 
executing within the container. Also, containers provide basic management functionality such as 
life cycle management of the components, security, deployment, threading, and/or the like. An 
EJB is a software component that implements the interfaces defined by its respective container. 
The interfaces of the EJB are defined in a manner that permits the functionality of the respective 
EJB to be accessed in a modular and dynamic manner. As shown in FIGURE 1, AS 102 may 
also comprise web container 108. Web container 108 may provide a controlled run-time 
environment for components that interact with client 101. For example, servlet components 
(persistent web server processes that are capable of processing multiple requests) may be 
implemented to dynamically create hypertext markup language (HTML) or XML responses to 
requests fi-om client 101. Other suitable components may be implemented within web container 
108. 

[00141 In general, AS 102 (the middle tier) may be implemented utilizing "middleware 
servers" or "application servers." An application server is typically comprised of many 
dissimilar services that are appropriate to create a stable and robust environment for enterprise 
applications. A service represents a predefined task that is provided by a piece of software in a 
well defined and predicable manner. Typically, an application server may comprise services that 
implement management functionality. The management services of the application server may 
be responsible for starting, registering, monitoring, and stopping services. Management services 
may perform other tasks such as thread pooling, security management, state management, class 
loading, load-balancing, dynamic application launching, and/or the like. Secondly, an 
application server may provide a basic set of services that may be commonly utilized by a wide 
range of enterprise applications (e.g., hypertext transfer protocol (HTTP) processing). Third, an 
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application server may comprise application specific services that implement the business or 
other logic of a given enterprise application. 

[00151 In general, the management functionality of an application server may enable an 
enterprise application to be implemented by binding the application specific services to more 
general services. For example, the management functionality may utilize a suitable deployment 
descriptor to create an HTTP listening service on a given port and to pass HTTP requests 
received fi-om that port to an application specific service. The processing of the HTTP requests 
by the application specific service may then be managed by security services, event logging 
services, load -balancing services, and/or the like. 

[001 61 FIGURE 2 depicts application server (AS) 200 that implements an enterprise 
application. AS 200 receives and processes requests fi*om clients and retums responses to the 
respective clients. AS 200 may comprise listening service 201 to manage communication of the 
requests and responses. For example, a hypertext transfer protocol (HTTP) service may be 
defined to receive HTTP transactions on a defined port. Listening service 201 may pass the 
processed HTTP information to servlet service 202 that executes in web container 108. Servlet 
service 202 may perform the application specific tasks. For example, servlet service 202 may 
generate HTM L fonns to facilitate communication of user specific information. Servlet service 
202 may process the communicated user specific information. Servlet service 202 may then 
store the processed user specific information in a suitable database utilizing EJB 204 that is 
associated with EJB container 107. 

[0017] The ability to create an enterprise application fi-om a plurality of independent 
services is facilitated by defining standardized interfaces and contracts. Specifically, the 
standardized interfaces define a collection of methods to be implemented by a class to expose the 
class to interaction within the application server environment. The contracts define special 
purpose interfaces that describe the syntax and semantics of class behavior. By defining 
interfaces and contracts in this manner, application server 200 may enable distinct services to 
interact thereby permitting programmatic solutions that are common to multiple business 
solutions to be assembled and reused for multiple appHcations, 

[00181 Representative embodiments depart from known application server designs by 
permitting resources on remote systems to be assembled into an enterprise application while 
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maintaining the service architecture. By making remote services locally accessible and by 
maintaining the service architecture, development of an application through assembly utilizing 
remote services becomes advantageous. Specifically, the security management services, logging 
services, and other services of the run-time environment may be leveraged to provide such 
facilities to the provision of remote services with reduced complexity. Thus, the complexity and 
unreliability of distributed web service assembly may be remedied. 

[0019J FIGURE 3 depicts appHcation server 300 that includes proxy service 306 
according to representative embodiments. Application server 300 enables a plurality of services 
to be assembled into enterprise applications. The enterprise applications (not shown) may 
execute in a controlled run-time environment such as container 301. The services executing with 
container 30 1 may be contained within respective partitions (e.g., partition 309) to Hmit the 
ability of the services to access the functionality of other services to the functionality assigned to 
a particular partition. 

[0020] Application server 300 may comprise service registry 302 to permit 
interoperation between services of enterprise applications. Specifically, processes that 
implement the defined interfaces of the controlled run-time environment may be registered in 
service registry 302 to expose their methods to other services. The other services may, in tum, 
examine service registry 302 to determine the availability of other services and to obtain an 
instance or handle to the interface of available services. 

[0021] Additionally, application server 300 includes various services that facilitate 
administration of enterprise applications. For example, application server 300 comprises 
security management service 303. Security management service 303 may be operable to perform 
authentication, authorization, administration, and auditing requirements. For example, security 
management process 303 may authenticate users before permitting access to enterprise 
applications and enforce user level or process level restrictions within executed enterprise 
applications according to security parameters. Also, application server 300 comprises logging 
service 304. Logging service 304 may be operable when a service invokes a method of proxy 
service 306. Logging service 304 may, in response thereto, create a record of the calling service, 
the called service, the user context, the nature of the invoked method, any associated resources 
(e.g., files, communication addresses/ports, etc.), the time of the transaction, and/or the Hke. The 
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reconled infonnato may be ^b.equa„«y „,i„,ed ,„ de,e™i„e wheftar „.ers are ac • 
app-opHate r^.^ an. „be«,er „„au,H„H.e. i„..<.„a,s W ^ I.:,::":, 

[00221 Applica>io„server300fl,rftercomprisesproxyse™ce306. Proxy service 306 
may compnse or be ass„cia,ed wiA eoniiguration information Proxy serv.ce 30. , 

.ec„n«,nr.«o„ i„fo™a.i„„.„eommnnica.ewi.„eb service re 

registry or the like). Proxy service infi c s iry / (e.g., a UDDI 

of web service 308 SoZ T u co™,eat,o„ to obtain an instance 

eo service J08. Specifically, the instance of web service lOS m.w k • . 

objec, on „^,ch ™e,Hods may be invoked by proxy se" b7 TT ™ 
«r, proxy serv,ce 306 may access .He Z.:Z:^2::^T 
embodiments, proxy serv.ee 306 may u„„ze J AX RPC ,o i VT 
30S Al™ ,1, ... ^ ^"•""'^C to mvoke the methods of web service 

30 . A,, dre methods may communicate ftc method a,^me„,(s) and retunred argument, 
»..l.z,ng suttable protocol such as XML according to the SOAP specification. 

100231 As previously noted, application server 300 comprises service registry 302 to 

rys~T'"~'°°'"'^^"--- 
proxy service ^06 may be registered in service registry 302 Oth.r=. • 

305. may utn,.e the information contained in serv ee l ITo; T " ^^"'"^ 

Accordingly local service 30, "'^'h<^- 
m«h H " tovke an appropriate 

,„dsofproxyserv,ce306in,hesamemannerasinvo.„gamethl rnTother 
«™ exeeunng w.thin the controlled run-trme enviromnen. of se^iee container 30. C 
method of proxy sen,ice 306 ,s mvoked. method at^ents may be communicated UtiZl 
communicatedinrormation. proxy service306maydetermi„e„hedrer the 

rerdT'r'"'™'""""- "^"•■'"-^-'-^---'"-eaLsp^^ r„g 
:r3o'::::r,ir:r"^T""""^^ 

308 according ,„ 1 communication of mfotmation with web service 

308 accord,„g to the respect,ve communic^ion protocols associated with web service 308 
When the information is .^eeived by the method of web service 308 the ,„ . 

infonnation as appropriate (e g perfon. » H , ^ ™^ ""'"'"^^ 

FH v^pimic i^e.g., pertorm a database transaction^ Th^- tt^^^u^a 

aPp™pnatei„fo™a«onCe.g..a„o.ectcontal„ingtheresu,tso;th::r^^^^^^ 
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proxy service 306. Proxy service 306 may communicate the returned information to local 
service 305. 

[0024] FIGURE 4 depicts flowchart 400 according to representative embodiments. In 
step 401 oiVflovvchart 400, proxy service 306 may be deployed. For example, the respective 
object-oriented class file(s) defining the functionality of proxy service 306 may be stored on a 
storage medium accessible by application server 300. A suitable deployment descriptor or 
descriptors may be added and/or modified to cause object instances of the defined class or 
classes of web service 308 to be loaded and executed (i.e., instantiated) within the controlled run- 
time environment of service container 301. 

[00251 In step 402, proxy service 306 may be registered within service registry 302 to 
expose its meiiiods to other services. As previously noted, an interface may refer to the methods 
that a class implements to interoperate within the controlled run-time environment of service 
container 301 . In step 403, one of the methods of the interface of proxy service 306 may be 
invoked by local service 305. The invocation of the method may communicate requested service 
information. Specifically, the arguments associated with the service request may be 
communicated according to the functionality of the programmatic environment utilized to 
implement local service 305 and proxy service 306. In step 404, proxy service 306 may verify 
the communicaied service information. For example, the arguments containing the information 
may be verified against validity requirements. By doing so, an exception may be returned to 
local service 305 without wasting communication resources by communicating invalid 
arguments to web service 308. 

[0026] In step 405, proxy service 306 may invoke a method of web service 308 
utilizing an appropriate protocol. For example, the requested service information received from 
local sersMce 305 may be encapsulated in an XML file and communicated to web service 308 via 
a suitable communication network (not shown). In step 406, web service 308 may process the 
communicated information. For example, web service 308 may utilize the information to 
perform a database transaction. The result(s) of the transaction may then be communicated to 
proxy service 306 (step 407). In step 408, proxy service 306 may communicate the received 
processed information to local service 305. 
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100271 When implemented via executable ms,™c.i„„s, various element of 

rr;::::::;:-"— ----'-p-^^^^^ 

readable medium (e , hard drivl 7 " ^° ™^ f-" » 

um (e.g., hard drive media, optical media, EPROM EEPRnw , 

cartridge .ed., a„d/or the I.ke) or _.ated v.a a data si^na™' ' 

medium (e.g., the Internet) Jn fact readahl. commumcation 

tr-ferinfon„at.on. ' ' ^ '^^''^ '"^'"^^ that 

[0028] FIGURE 5 illustrates computer system son 
embodiments Central nrn. ■ '^''""^ ^^^P^^d according to representative 

ents. Central processmg umt (CPU) 501 :s coupled to system bus 502 CPU 501 
be any general purpose CPU However th. ""^y 

-P..O,a.lo„.a.C...:~~^^^^ 

may be PROM EPROM EEP^M . i-ludes ROM 504 which 

commu:r„;~:2r':::r^^^^ 

505 eomtecK to s^rage devices 506 = . '^^'^^ *»P'>y adapter 509. ,/0 adapter 

*ive,.apedrive..oc:urz rrt""°'°°"^^""^'''°"^^'"-^^ 

S0.o.y.oree.ecu.ab:.,ru:r2rd:^^^^^^ 

:,zre:r::rT-"-~^^ 
an.:a„a.the::r:::::~^^ 

mayi„cludeproxyservice5I4 The. '""^'"^ '""l'^'""^- The various services 

service 514 may ITe " ' . "''^"^ °— P-y 

514 may also be stored on the media associated with stomge devices 506. 

10031] Communications adapter 511 is adani,Hf„„ , 
netv^ork 512, which mav be „„. '""P'^ ■computer system 500 to a 

(WAN) network , '^-^^ ^'^^ 

N, network, Ethenret network, and/or hrtemet network. User interface adapter 50S couples 
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user input devices, such as keyboard 513 and pointing device 507, to computer system 500. 
Display adapter 509 is driven by CPU 501 to control the display on display device 510. 

[0032] By making a web service accessible through a proxy service, embodiments of 
the present invention may provide several advantages. In particular, the functionality of the web 
service may be invoked in a modular basis by multiple enterprise applications without requiring 
application developers to be aware of or understand the protocols associated with the web 
service. Instead, only one developer may implement those protocols for the proxy service. 
Thereafter, other developers may leverage the proxy service in the same manner as any other 
service. Moreover, embodiments of the present invention facilitate security management 
associated with web services. Specifically, the security management functionality of single 
process systems such as application servers are relatively well defined and understood. 
Embodiments of the present invention enable such known security management functionality to 
be utilized to manage web services with reduced complexity and increased reliability. 
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